|
Question : Windows Domain accounts locked out without reason?
|
|
I have an issue where a user is locking out his account in my windows domain. According to the domain controller security logs, I see that his account is getting locked out, but I am not seeing him get failures for putting the in the wrong password. I get the following two errors:
I get a few of these (Event ID 681):
The logon to account: UserName
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: ComputerName
failed. The error code was: 3221226036
Then I get this (Event ID 539):
Logon Failure:
Reason: Account locked out
User Name: UserName
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ComputerName
I checked out the first one on MS KB and it states the error message means the account is already locked out. But I don't see how he's doing it. I went through this person's workstation and deleted and recreated all of the mapped network drives and network places links just in case it had the old account password or something.
This problem started when a help desk individual reset the user's password from the domain. Thinking that maybe it was stuck in the workstation, I had the customer locally change his password again, but no good. The user stated to me that his account usually locks when he launches Outlook but it's not always the case.
Any help would be appreciated. Thank you.
|
Answer : Windows Domain accounts locked out without reason?
|
|
According to GFI Languard the cause for the error is one of the following:
User logon with misspelled or bad user account
User logon with misspelled or bad password
User logon has incorrect user name
User logon outside authorized hours
User logon from unauthorized workstation
User logon with expired password
User logon to account disabled by administrator
User logon with expired account
User logon with "Change Password at Next Logon" flagged
User logon with account locked
If the user has Windows 9x, it's better to disable caching password.
|
|
|
|
